The present invention relates to a method of and an apparatus for generating pseudo-random numbers which are suitable for use in a stream cipher system, for example one applied to communication systems or information processing systems. In a stream cipher system, the pseudo-random numbers are combined with data streams by taking the XOR (exclusive OR) of the two, so as to hinder unauthorized persons from reading the contents of communication data or of data stored in recording media.
A method called the congruential method, or the multiplicative congruential method (in the following paragraphs simply called the congruential method), is a well-known and widely used method of generating pseudo-random numbers, wherein a series of pseudo-random numbers X(1), X(2), . . . is generated by calculating X(j)={A·X(j-1)+B}(mod P) sequentially.
In the conventional congruential method, a fixed number, determined for example by considering the word length of a computer, is used for the modulus P, such as P=2^32 in a 32-bit computer, and it is not changed according to the pseudo-random numbers to be generated.
Details of this congruential method are described, for example, in "Basic Cryptography I", by Kato, Information & Computing, ex.-3, published by Science Ltd. (September, 1989). Further, a modification of the congruential method is disclosed in a Japanese patent application laid open as Provisional Publication No. 129480/'96, wherein the parameters A and B are changed according to signals supplied from outside.
However, a linear relation exists among the pseudo-random numbers of a series generated according to the congruential method. Therefore, by solving the simultaneous linear equations obtained from an observed series of pseudo-random numbers, the initial value X(0) of the observed series may be estimated even when the parameters A and B are unknown.
Furthermore, the conventional congruential method has the further problem that cryptographic security may not be sufficiently retained even when the pseudo-random numbers are generated by varying the parameters A and B, as follows. (Here, cryptographic security means the difficulty of obtaining the initial value X(0) of an observed series of the pseudo-random numbers.)
Suppose that the pseudo-random numbers are generated by varying the parameters A and B periodically, for example according to the equation X(j)={A(j(mod T))·X(j-1)+B(j(mod T))}(mod P), by preparing T sets of parameters {A(k), B(k)} (k=1, 2, . . . , T). However, once the series of pseudo-random numbers X(j) (j=1, 2, . . . ) thus generated is sampled with period T, the sampled series X(iT+k) (i=1, 2, . . . ) is nothing but a series generated according to a simple congruential method with the fixed parameters {A(k), B(k)}.
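The two weaknesses described above (the linear relation that lets an observer recover A, B and then X(0) from a few consecutive outputs, and the collapse of a periodically parameterized generator into a fixed-parameter one under sampling with period T) can be checked numerically. The following Python script is an added illustration and is not part of the patent text; it assumes, as the text does for a 32-bit computer, that the modulus P=2^32 is fixed and known to the observer, and the multipliers and increments used as sample parameters are constructed values chosen only so that the modular inverses exist.

```python
from math import gcd

P = 2**32  # fixed, publicly known modulus, as in the 32-bit example of the text

# Constructed sample parameters (odd multipliers so that inverses mod 2^32 exist).
A_SAMPLE, B_SAMPLE = 1664525, 1013904223
PARAMS = [(1664525, 1013904223), (22695477, 1), (69069, 5)]  # T = 3 parameter sets


def lcg(x0, a, b, p, n):
    """Return [X(1), ..., X(n)] with X(j) = (A*X(j-1) + B) mod P, starting from X(0)=x0."""
    out, x = [], x0
    for _ in range(n):
        x = (a * x + b) % p
        out.append(x)
    return out


def recover_params(xs, p):
    """Recover (A, B) from three consecutive outputs X1, X2, X3 with known modulus p.

    X2 = A*X1 + B and X3 = A*X2 + B give X3 - X2 = A*(X2 - X1) (mod p),
    a linear equation in A.  A unique solution needs gcd(X2 - X1, p) == 1.
    """
    x1, x2, x3 = xs[:3]
    d = (x2 - x1) % p
    if gcd(d, p) != 1:
        return None  # the difference is not invertible; more samples would be needed
    a = ((x3 - x2) * pow(d, -1, p)) % p
    b = (x2 - a * x1) % p
    return a, b


def recover_initial(x1, a, b, p):
    """Step the recurrence backwards: X(0) = A^{-1} * (X(1) - B) mod p (needs gcd(A, p) == 1)."""
    if gcd(a, p) != 1:
        return None
    return ((x1 - b) * pow(a, -1, p)) % p


def periodic_lcg(x0, params, p, n):
    """X(j) = (A(j mod T)*X(j-1) + B(j mod T)) mod P for j = 1..n, with T = len(params)."""
    t = len(params)
    out, x = [], x0
    for j in range(1, n + 1):
        a, b = params[j % t]
        x = (a * x + b) % p
        out.append(x)
    return out


def composed_params(params, k, p):
    """Compose the T affine steps taking X(iT+k) to X((i+1)T+k) into one (A_eff, B_eff).

    The steps applied are j = iT+k+1, ..., iT+k+T, which use parameter sets
    (k+1) mod T, ..., (k+T) mod T; composing x -> a*x + b repeatedly gives
    A_eff = product of the multipliers and B_eff the accumulated increment.
    """
    t = len(params)
    a_eff, b_eff = 1, 0
    for s in range(1, t + 1):
        a, b = params[(k + s) % t]
        a_eff, b_eff = (a * a_eff) % p, (a * b_eff + b) % p
    return a_eff, b_eff


def sample_by_period(x0, seq, t, k):
    """Return [X(k), X(T+k), X(2T+k), ...] given seq = [X(1), X(2), ...] and X(0) = x0."""
    full = [x0] + seq
    return full[k::t]


if __name__ == "__main__":
    x0 = 12345
    xs = lcg(x0, A_SAMPLE, B_SAMPLE, P, 3)
    a, b = recover_params(xs, P)
    print("recovered A, B:", a, b, "initial:", recover_initial(xs[0], a, b, P))

    seq = periodic_lcg(x0, PARAMS, P, 12)
    sub = sample_by_period(x0, seq, len(PARAMS), 1)   # X(1), X(4), X(7), X(10)
    a_eff, b_eff = composed_params(PARAMS, 1, P)
    print("sampled series follows a fixed LCG:", lcg(sub[0], a_eff, b_eff, P, 3) == sub[1:])
    print("parameters recovered from the sampled series:", recover_params(sub, P) == (a_eff, b_eff))
```

The recovery functions treat the modulus as known, which matches the text's point that P is a fixed word-size constant; with an unknown modulus the observer needs a few more outputs, but the underlying linearity is the same. The second half shows that sampling the periodically parameterized series at indices iT+k yields a plain congruential series whose effective parameters are simply the composition of the T steps, so the same three-output recovery applies to it unchanged.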
Still further, when the pseudo-random numbers are used in a stream cipher system, the same pseudo-random numbers must be generated both at the transmitter side and at the receiver side, which are located far apart from each other. Therefore, it is difficult to vary the parameters A and B at random and, at the same time, simultaneously at both sides according to the same external signal.
Therefore, sufficient security of communication cannot be retained with a stream cipher system whose pseudo-random numbers are generated according to the conventional congruential method, even though the pseudo-random numbers themselves may be generated at high speed.